Jon Detert
2014-May-09 19:18 UTC
[Samba] How to do basic task: add samba4 member server to samba4 ad dc?
I want to add a samba4 server to a samba4 AD domain, and serve file-shares from it. The closest URL I found is this: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server However, it is not enough. Would some one please point me to better documentation, or tell me how to go about this? Problems I have with the above url: 1) I don't have users/groups in schema rfc2307. Is this a requirement? If not, then what, if any, of the example 'idmap config' and winbind directives do I need? Is there something else I need? 2) The document does not say you need to install winbind, but over 1/2 way through, says you should start the winbind daemon. Do I need it? If so, why?, and how do I configure it? Simply by the 5 lines shown in the example basic smb.conf? Does that mean I must add rfc2307 schema and data to my AD DC? Thanks, -- Jon Detert Sr. Systems Administrator Infinity Healthcare Milwaukee, Wisconsin
Marc Muehlfeld
2014-May-10 11:42 UTC
[Samba] How to do basic task: add samba4 member server to samba4 ad dc?
Hello Jon, Am 09.05.2014 21:18, schrieb Jon Detert: > The closest URL I found is this:> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_ServerGood. This works. I re-wrote and re-validated it just a few days ago. :-)> Would some one please point me to better documentation, or tell me> how to go about this? Just follow the HowTo. It works. ;-)> 1) I don't have users/groups in schema rfc2307. Is this a> requirement? If you want a central administration of your unix attributes (UIDs/GIDs, etc.), then yes. If not, you can use e. g. winbind and configure a static value for all users via 'template shell' / 'template homedir' / ... Another way instead of winbind would be e. g. sssd. But in both cases, you don't have a central administration then for your unix account data and e. g. different UIDs on every server.> 2) The document does not say you need to install winbind,> but over 1/2 way through, says you should start the> winbind daemon.If you follow the HowTo, it will be there when you have to start it. > Do I need it? If so, why? See 1.)> , and how do I configure it? Simply by the 5 lines shown in the> example basic smb.conf? Yes. If you have some special requirements or different needs, you need more or other values. It depents on your environment and what you want to achieve. > Does that mean I must add rfc2307 > schema and data to my AD DC? See 1.) Regards, Marc
Apparently Analagous Threads
- replication problems in samba4 ad domain
- how best to rollback from a yum update?
- win2k domain-less client failing to authenticate when securit y=domain
- winbind: group name doesn't map to a SID, but gid does
- how to make 'winbind nss info = sfu' work in v >= 3.0.26a